Circuit arrangement and method for protecting electronic components against illicit manipulation

ABSTRACT

To provide a microelectronic circuit arrangement ( 100 ) and a method for protecting at least one electronic component against illicit manipulation and/or unauthorized access, in which circuit arrangement ( 100 ) and method there are no opportunities for manipulation even during or in connection with the start-up procedure, it is proposed that there be arranged at least activating unit (Ai; i=1, 2, 3, 4, 5) for checking whether at least one activating condition is met and for activating at least one preventing unit (Vj; j=1, 2, 3, 4, 5, 6, 7) that is also associated with the circuit arrangement ( 100 ) and that is connected to the activating unit (Ai), by means of which preventing unit (Vj) the component ( 200 ) can be at least partly de-activated and/or at least partly destroyed in the event of illicit manipulation and/or unauthorized access.

This application is a national stage entry of PCT/IB03/06166 filed onDec. 15, 2003.

The invention relates to the technical field of the protection ofelectronic components against illicit manipulation and/or unauthorizedaccess.

Conventionally, electronic components that are to be protected againstunauthorized access or against illicit changes of the contents of theirmemories are altered by the activation of fuses or by the storing ofpasswords. At the time of use, alterations of this kind are recognizedin the procedure of starting up the state machine that is incorporated,or, before use, the valid password is queried and then governs otherfunctions; also, sensors that detect an attempt to manipulate acomponent are analyzed in the start-up procedure

The prior art systems explained above are disadvantageous inasmuch as itis possible for manipulation to take place even during the start-upprocedure itself; also the start-up procedure can be performed as oftenas desired and may thus itself become the subject of an analysis for thepurposes of manipulation.

Taking the disadvantages and shortcomings described above as a point ofdeparture and with due allowance for the prior art that has beenoutlined, it is an object of the present invention to provide amicroelectronic circuit arrangement and a method for protecting at leastone electronic component against illicit manipulation and/orunauthorized access in which there are no opportunities for manipulationeven during or in connection with the start-up procedure.

This object is achieved by a circuit arrangement having the featuresdetailed in claim 1 and by a method having the features detailed inclaim 5. Advantageous embodiments and useful further embodiments of thepresent invention are characterized in the dependent claims.

The microelectronic circuit arrangement according to the presentinvention has a plurality of units or parts, there being at least oneactivating unit or circuit and at least one preventing unit or circuitpresent together in each case.

The activating unit checks that at least one activation condition is metand, in the event of at least one activation condition (=illicitmanipulation of and/or unauthorized access to the electronic component)being met, activates the preventing unit, by means of which theoperation of the component can be at least partly deactivated and/or thecomponent can be at least partly destroyed. Advantageously, thepreventing unit may be constructed by using analog circuit technology ordirectly digital circuit technology (such as a fuse or antifuse) or evenby using mixed analog/digital circuit technology.

In a particularly inventive embodiment, the check that at least oneactivation condition is met, i.e. the detection of the startingcondition for self-destruction, may be performed by analysis of a flowof data applied from outside or by signals from the internal sensorcircuitry.

With regard to the methods of activation implemented in the activatingunit, there are a plurality of options that can be put into practiceseparately from one another or in combination with one another, such as

-   -   the recognition once or more than once of at least one illicit        command,    -   the recognition of a multiplicity of different illicit        operations,    -   the issuing of at least one specific activating command,    -   the issuing of at least one activating command together with        data that is addressed to a plurality of components by means of        at least one group coding, or to an individually coded        component, and/or    -   the recognition once or more than once of at least one physical        attack on the component, by means of sensor circuitry belonging        to the component that is intended for this purpose; what is        meant by “physical attack” in this connection is for example        -   the action of light,        -   damage to a covering layer of the component, or        -   movement outside permitted limiting values for frequency            and/or temperature and/or for the supply voltage or for a            combination of these parameters.

With regard to the methods of prevention implemented in the preventingunit, there are a plurality of options that can be put into practiceseparately from one another or in combination with one another, such as

-   -   the prevention of at least one internal oscillator from        beginning to oscillate,    -   the prevention of at least one oscillator for an external clock        signal from beginning to oscillate,    -   the switching off of at least one high-voltage limiter, in        particular by means of permanent programming,    -   the prevention of the build-up of at least one high voltage,    -   the reprogramming of the allocation of addresses and/or the        allocation of data,    -   the loading of at least one memory element of the component with        illicit values of data;        and/or    -   the switching on of at least one increased current drain in the        operating state or the quiescent state.

So, to sum up, the present invention may be implemented by a circuitarrangement that may for example be of a mixed analog/digital nature andthat, on activation of the circuit arrangement by external commends thatare recognized or by internal sensors, deactivates the electroniccomponent and/or triggers further faults, preferably irreversibly.

For this purpose, further fuses, which stop the electronic componentfrom operating from the very outset or even cause deliberate additionalconsequential faults, are activated in addition to conventionalmemory-based soft fuses with the help of the monitoring and high-voltagecircuits that are incorporated in, for example,E[lectrically]E[rasable]P[rogrammable]R[ead]O[nly]M[emory] or flashproducts.

The security of the EEPROM or flash products against snooping andagainst analysis is increased in this way; also, the customer isprovided with an opportunity of deliberately deactivating orirreversibly damaging his product when in field use, by using suitablesoftware, where this appears to the customer to be necessary in theevent of at least one activation condition having been met.

In a particularly useful manner, the correlation described above, incombination with sensor-monitored covering layers on EEPROM or flashproducts, may be used to destroy the latter on their being partly orcompletely reverse-prepared for analysis purposes.

In addition, the functions described above are useful even for theend-customer, especially in S[mart]C[ard]C[ontroller] chips, because theend-customer can then de-activate products in use in the field, forexample deliberately, when in contact with the master system.

The present invention finally relates to the use of at least one circuitarrangement of the kind described above and/or of a method of the kinddescribed above to cause the self-destruction of at least one integratedcircuit in the event of unauthorized use in the field or in the event ofan illicit attempt to analyze the integrated circuit by at least partialreverse preparation.

As already discussed above, there are various possible ways in which theteaching of the present invention may be embodied and developed. Forthis, on the one hand reference should be made to the claims dependenton claim 1 and claim 5, and on the other these and other aspects of theinvention are apparent from and will be elucidated with reference to theembodiments described hereinafter.

In the drawings:

FIG. 1 is a block diagram giving a diagrammatic view of one embodimentof a circuit arrangement according to the present invention that makesuse of the method according to the present invention.

Shown in FIG. 1 is an embodiment of a microelectronic circuitarrangement 100 intended for protecting an electronic component 200against illicit manipulation and unauthorized access.

Basically, this circuit arrangement 100 operates by employing thefollowing method of operation:

(i) the fulfillment of an activation condition is checked for by meansof activating units A1, A2, A3, A4, A5, where

(i.1) activating unit A1 is arranged to recognize an illicit commandonce or more than once,

(i.2) activating unit A2 is arranged to recognize a multiplicity ofdifferent illicit operations,

(i.3) activating unit A3 is arranged to issue a given activatingcommand,

(i.4) activating unit A4 is arranged to issue an activating commandtogether with data that addresses a plurality of components by means ofat least one group coding, or an individually coded component, and/or

(i.5) activating unit A5 is arranged to recognize once or more than oncea physical attack on the component 200, by means of sensor circuitrybelonging to the component 200 that is intended for this purpose,

(ii) in the event of illicit manipulation of the component 200 and/orunauthorized access to the component 200 being recognized: one or morepreventing units V1, V2, V3, V4, V5, V6, V7 connected to the activatingunits A1, A2, A3, A4, A5 are activated, where(ii.1) preventing unit V1 is arranged to prevent an internal oscillatorfrom beginning to oscillate(ii.2) preventing unit V2 is arranged to prevent an oscillator for anexternal clock signal from beginning to oscillate,(ii.3) preventing unit V3 is arranged to switch off a high-voltagelimiter, in particular by means of permanent programming,(ii.4) preventing unit V4 is arranged to prevent the build-up of a highvoltage,(ii.5) preventing unit V5 is arranged to reprogram the allocation ofaddresses and/or the allocation of data,(ii.6) preventing unit V6 is arranged to load the memory element 210 ofthe component 200 with illicit values of data, and/or(ii.7) preventing unit V7 is arranged to switch on an increased currentdrain in the operating state or the quiescent state, and(iii) the component 200 is deactivated and/or the component 200 isdestroyed by means of preventing units V1, V2, V3, V4, V5, V6, V7.

The embodiment shown in FIG. 1 is based specifically on the principle ofde-activating the high voltage:

If the activation condition is met, i.e. if a start condition for theself-destruction is recognized—either by analyzing an externally appliedflow of data or by signals from the internal sensor circuitry of thecomponent 200—this recognition and the desired effects it is to have areplaced in store in coded form in the memory 210 that is used forstart-up, namely in the form of the self-destruction SZ and theprevention methods V1, V2, V4, V7.

In the next step, the start-up procedure, which initiates theappropriate actions when the condition for the self-destruction SZ isrecognized, is repeated.

At the next attempt to start up the product, the conditions that ariseare as follows:

[a] the conditions are read out,

[b] prevention method V7 is set:

-   -   increased current drain is switched on,        [c] prevention method V4 is set:    -   the generation of high voltage is blocked,        [d] prevention method V2 is set:    -   the external clock signal is ignored,        [e] prevention method V1 is set:    -   the internal clock signal is stopped.

Consequently, different states can be brought into being between totalnon-functioning of the component 200, restriction of the scope offunctions of the component 200 (programming not now possible, say)through to deliberate faults in the environment of the integratedcircuit (increased quiescent current, say, for battery-operatedapplications for example).

LIST OF REFERENCE NUMERALS

-   100 Microelectronic circuit arrangement-   110 Connection between activating units Ai (i=1, 2, 3, 4, 5) and    preventing units Vj (j=1, 2, 3, 4, 5, 6, 7)-   200 Electronic component-   210 Memory element of component 200-   A1 First activating unit or first method of activation-   A2 Second activating unit or second method of activation-   A3 Third activating unit or third method of activation-   A4 Fourth activating unit or fourth method of activation-   A5 Fifth activating unit or fifth method of activation-   SZ Self-destruction-   V1 First preventing unit or first method of prevention-   V2 Second preventing unit or second method of prevention-   V3 Third preventing unit or third method of prevention-   V4 Fourth preventing unit or fourth method of prevention-   V5 Fifth preventing unit or fifth method of prevention-   V6 Sixth preventing unit or sixth method of prevention-   V7 Seventh preventing unit or seventh method of prevention

1. A method of protecting at least one electronic component of a productagainst illicit manipulation and/or unauthorized access, characterizedby the following method steps: (i) checking that at least one activationcondition is met by means of at least one activating unit, (ii) if atleast one activation condition is met, recognition of this fact and thedesired effects it is to have are placed in store in coded form in atleast one memory element that is used for starting-up the component, andat the next attempt to start up the product; reading out the activationcondition; and (iii) in response to the activation condition, activatingat least one preventing unit that is connected to the activating unitand at least partly de-activating the operation of the component and/orat least partly destroying the component, by means of the preventingunit; characterized in that the at least partial de-activation of theoperation of the component and/or the at least partial destruction ofthe component is carried out during the start-up of the product by (j=1)preventing an internal oscillator from beginning to oscillate; (j=2)preventing an oscillator for an external clock signal from beginning tooscillate; (j=4) preventing the build-up of a high voltage; and (j=7)switching on an increased current drain in the operating state or thequiescent state.
 2. A method as claimed in claim 1, characterized in thecheck on whether the activation condition is met is made by analyzing atleast one data stream applied from outside or by signals from theinternal sensor circuitry of the component.
 3. A method as claimed inclaim 1, characterized in that the activation takes place (i=1) as aresult of the recognition once or more than once of at least one illicitcommand, (i=2) as a result of the recognition of a multiplicity ofdifferent illicit operations, (i=3) as a result of the issue of at leastone specific activating command, (i=4) as a result of the issue of atleast one activating command together with data that addresses aplurality of components by means of at least one group coding, or anindividually coded component, and/or (i=5) as a result of therecognition once or more than once of at least one physical attack onthe component, by means of sensor circuitry belonging to the componentthat is intended for this purpose.
 4. A method as claimed in claim 1,characterized in that the at least partial de-activation of theoperation of the component and/or the at least partial destruction ofthe component is carried out by (j=3) switching off a high-voltagelimiter, in particular by means of permanent programming, (j=5)reprogramming the allocation of addresses and/or the allocation of data,and/or (j=6) loading at least one memory element of the component withillicit values of data.
 5. A method of protecting at least oneelectronic component of a product against illicit manipulation and/orunauthorized access, characterized by the following method steps:checking that at least one activation condition is met by means of atleast one activating unit, if at least one activation condition is met,recognition of this fact and the desired effects it is to have areplaced in store in coded form in at least one memory element that isused for starting-up the product, and at the next attempt to start upthe product; reading out the activation condition; and at least partlyde-activating the operation of the electronic component and/or at leastpartly destroying the electronic component, by means of a preventingunit; characterized in that the at least partial de-activation of theoperation of the component and/or the at least partial destruction ofthe component is carried out during the start-up of the product by;switching on an increased current drain; blocking generation of highvoltage; ignoring an external clock signal; and stopping an internalclock signal.
 6. A method as claimed in claim 5, characterized in thatthe check on whether the activation condition is met is made byanalyzing at least one data stream applied from outside or by signalsfrom the internal sensor circuitry of the component.
 7. A method asclaimed in claim 5, characterized in that the activation takes place(i=1) as a result of the recognition once or more than once of at leastone illicit command, (i=2) as a result of the recognition of amultiplicity of different illicit operations, (i=3) as a result of theissue of at least one specific activating command, (i=4) as a result ofthe issue of at least one activating command together with data thataddresses a plurality of components by means of at least one groupcoding, or an individually coded component, and/or (i=5) as a result ofthe recognition once or more than once of at least one physical attackon the component, by means of sensor circuitry belonging to thecomponent that is intended for this purpose.